Portable devices such as smart phones, tablets, e-readers and laptops allow users to access their business and personal data on the go. Especially with an influx of new products arriving on the market nowadays, business and home users have the liberty to select their favorites from many types of devices that best fit their needs. Although convenient, portable devices certainly have their limitations. As the use of these devices become more prevalent, there are several issues that companies need to be aware of and address:
Software version compatibility
Portable devices of all types run simplified versions of software programs because of their sizes and screen limitations. Programs designed for desktop PCs may not be compatible with portable devices, and vice versa.
Power limitation/short battery life
Most portable devices that offer three or fewer hours of battery power may not have the energy juice to keep up with back-to-back meetings all day every day or a business trip across the country.
Even with broadband Internet connection, smart phones, tablets and laptops may not necessarily match the speed of desktop PCs in terms of downloading large documents or performing other web functions, which remains an issue.
Information security problems
Portability, connectivity, and storage capacity—the features that make portable devices portable and enable them to connect to various networks and hosts are the same properties that expose them to the threats of data leakage and theft, as well as viruses or other malware.
In the case of BYOD, many organizations are reasonably concerned about the loss or disclosure of intellectual property or sensitive, proprietary information—such as PHI (Protected Health Information)—about customers and employees. Using their own phones and laptops for work offers employees convenience and efficiency. However, employers have to implement policies and procedures to ensure privacy and security, as well as to remove undue risks in the workplace.
If possible, employers could prohibit personal storage devices from the workplace. Since sensitive company information stored on personal devices are not always encrypted, it may be at high risk of being hacked. Banning personal storage devices or portable devices that cannot be controlled and monitored by the organization would be ideal. If a ban is not feasible in certain industries, applications and connectivity allowed on portable devices will need to be limited from a central position of control.
US-CERT (United States Computer Emergency Readiness Team) provides some recommended organizational practices for all portable devices:
- Limit the use of all removable media devices except where there is a valid business case that has been approved by the organization’s chief IT security office.
- Create security and acceptable-use policies for all portable devices, and educate employees about these policies.
- Choose only a few devices to support, and consider security features and vulnerabilities.
- Only allow access to the organizational network through a secure VPN connection.
- Configure SSL security features on organizational web servers to encrypt data being transmitted.
- Consider the costs and benefits of distributing locked-down, corporate-controlled devices over implementing a BYOD policy.
- Consider implementing an inventory of portable devices that may carry sensitive company information, and auditing it on a regular basis.
- Educate employees to report missing devices immediately so they can be wiped of all data. In addition, educate employees about the value of using strong passwords and PINs, and require their use.
As a general rule, personal devices and work devices should be separated for many different reasons, among which the most vitally important would be security concerns. Organizations are advised to invest on company-issued smart phones and laptops that the IT department can keep track of and have remote access to. Besides, should company-issued devices encounter any technical issues, troubleshooting would be relatively easier for the IT support team.
This article was written by Mildred D. Li, a writer for dusk magazine.